“NSO Group sells some of the most potent, off-the-shelf malware for remotely breaking into smartphones. Some versions allow a law enforcement or intelligence agency to steal essentially all meaningful data from an iPhone with no interaction from the target,” Joseph Cox reports for Motherboar. “Others just require the victim to click one link in a carefully crafted text message, before giving up their contacts, emails, social media messages, GPS location, and much more.”

“NSO only sells its tools to government agencies, but a newly released, explosive indictment alleges that a company employee stole NSO’s spyware product, dubbed Pegasus, and tried to sell it to non-authorized parties for $50 million worth of cryptocurrency,” Cox reports. “These capabilities ‘are estimated at hundreds of millions of [US] dollars,’ a translated version of the indictment reads. Several Israeli outlets were the first to report on and upload the indictment. The news shows a danger often highlighted by critics of the malware industry: that hacking tools or exploits typically reserved for law enforcement or intelligence agencies may fall into other hands.”

“According to the indictment, the unnamed employee started work as a senior programmer at NSO last year,” Cox reports. “As part of his job, the employee had access to NSO’s product and its source code, the document adds.”